File _patchinfo of Package patchinfo.6728

<patchinfo incident="6728">
  <issue id="387731" tracker="bnc">VUL-0: libid3tag overflow</issue>
  <issue id="1081962" tracker="bnc">VUL-0: libid3tag: CVE-2017-11550 libid3tag: NULL Pointer Dereference in id3_ucs4_length function in ucs4.c</issue>
  <issue id="1081959" tracker="bnc">VUL-0: CVE-2004-2779: libid3tag: id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reac</issue>
  <issue id="1081961" tracker="bnc">VUL-0: libid3tag: CVE-2017-11551 libid3tag: Out of memory in id3_field_parse function in field.c</issue>
  <issue id="2017-11551" tracker="cve" />
  <issue id="2017-11550" tracker="cve" />
  <issue id="2008-2109" tracker="cve" />
  <issue id="2004-2779" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>kbabioch</packager>
  <description>This update for libid3tag fixes the following issues:

- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,
  which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
  number of bytes, triggering an endless loop allocating memory until
  OOM leading to DoS. (bsc#1081959 bsc#1081961)
- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown
  encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)
</description>
  <summary>Security update for libid3tag</summary>
</patchinfo>